Struts@2.0.9 Security Vulnerabilities and Issues — Struts@2.0.9 CVE List

Lucene search

ApacheStruts2.0.9

2 matches found

CVE•added 2014/05/08 10:55 a.m.•91 views

CVE-2014-0116

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists be...

5.8CVSS6.1AI score0.88063EPSS

CVE•added 2014/12/10 3:59 p.m.•65 views

CVE-2014-7809

Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable values, which allows remote attackers to bypass the CSRF protection mechanism.

6.8CVSS6.7AI score0.12682EPSS